How to Get a Stronger Grip on Contract and Vendor Management

Vendor management and contracts are more important than they've ever been, yet many organizations can't afford a separate contract management function. Here are some best practices for IT teams.

Mary E. Shacklett, President of Transworld Data

July 1, 2021


Few IT departments have dedicated contract management functions, unless their enterprises are very large and spend tens of millions of dollars annually on IT. Nevertheless, that doesn’t make contract and vendor management any less important in smaller organizations, which can have more than 90% of their hardware, software, networks, databases, etc., sourced from outside vendors.

Since there is so much reliance on outside IT solution providers, the ability to negotiate solid contracts and develop strong relationships with vendors is paramount. In fact, the success of your entire IT depends upon it.

Consider these situations:

  • A company wants to de-convert a system from one vendor to another. Unfortunately, the vendor that the company is leaving refuses to cooperate in the de-conversion. This delays the company’s progress for months, and angers users, the board and management.

  • A cloud provider fails to provide adequate security, and company data is stolen. This harms customers, creates liabilities and lawsuits, and irreparably tarnishes the company's reputation.

  • A vendor hires away one of your most valuable employees. Now you have a gaping hole to fill on your staff.

All are situations that I’ve personally witnessed as I’ve worked with organizations of different sizes. And all could have been avoided or more effectively mitigated if upfront contract provisions had been in place to address them.

So, how do you improve the quality of your contracts and vendor relationships?

You can have an attorney review your agreements from a legal standpoint before you sign them, but this alone doesn't guarantee a sound contract or a good start to a vendor relationship. It has shortcomings because the attorney will know the legal ropes, but not the IT realities of what could or could not happen.

Or, if you are a small or mid-sized company without a contract management function in IT, you can establish a practice that requires your managers to read all contracts in their entirety before signing them, including the fine print. Many companies have done this, but this approach also has shortcomings, since not all managers will read the fine print, and those who do may not understand all of it if they don't have a legal background.

An optimal approach for companies without a formal contract management function is to have both an attorney and an experienced IT manager go over the contract. These individuals can flag any areas of concern so the areas can be discussed and resolved with vendors. There is also a set of contract and vendor management best practices that you can put in place, and that will go far in cultivating sound contract and vendor relationships. Here are seven of them:

1. Negotiate your start date on a contract, but also have an exit strategy.

Many vendor contracts are open ended in that they either have an auto-renew clause for the contract, or no termination clause at all. Early in my career, I faced the latter situation. We wanted to exit a contract because of poor service, but when we looked at the contract, there was no termination date. Our in-house attorney recommended that we just stop using the service. This would signal termination to the vendor. It did, indeed, stop the contract -- but I never felt comfortable about ending a contract this way.

The better way would have been to negotiate contract start and end dates, along with a termination clause. Many vendors today have 30-day termination notice clauses, so it is less of a problem than in the past.

2. Include de-conversion language in a vendor contract

There is a second phase of an exit strategy, and that is when you want to convert to another vendor.

Your present vendors won’t like to lose business, and it’s not uncommon for a losing vendor to delay a client’s de-conversion to another’s product, or to not help at all. When this happens, implementation delays occur and both IT and the business feel the pain.

You can avoid this situation by inserting language into your contract with the vendor that presents SLAs (service level agreements) for a de-conversion, should one become necessary. By clearly defining de-conversion performance expectations upfront and in writing, you can guarantee vendor performance and also exact penalties if needed. Many vendors do not address de-conversion in their standard contracts, so you will need to add the language in an addendum to the contract that is fully integrated (discussed later) with the contract.

3. Define your SLAs in each vendor contract

SLAs for each vendor contract should be in writing, and you should plan to meet with each vendor at least annually to review SLAs. At the meeting, you and your vendor can review SLAs and determine if any of them need to be modified for the next year to reflect changes in business conditions.

Many vendors include standard sets of SLAs in their contracts, but many don’t. If your vendor lacks SLAs, or needs additional ones, add your SLAs in an addendum to the contract. It should also be stated that if minimal performance against SLA is not achieved by the vendor, you have the right to terminate the contract.

4. Add an integration clause to your contract

Legally, a contract integration clause is defined as a “merger” of the baseline contract and of any other items of performance or conditions that are attached to it (such as an addendum of SLAs you might add). What the contract integration clause does is substantiate that both the baseline contract and the addendum of conditions you have attached to it constitute the full agreement between you and your vendor.

If you add an addendum full of SLAs and you do not put an integration clause in the body of the original contract, or in a cover page that governs the entire contract and addendum, you risk a court of law interpreting that the full agreement between you and your vendor is just the baseline contract (and not the addendum). This is what makes a contract integration clause so essential.

If you're not sure how to write a contract integration clause, it is wise to consult an attorney.

5. Read the fine print on vendor liabilities

Many vendors guarantee baseline performance of their products and services but will not assume liability if they experience an outage that impacts your business. In other cases, vendors will guarantee failover times to recovery.

The liability language is typically embedded somewhere in the fine print of the vendor contract. It is easy to miss, so don't miss it.

Most vendors will not modify the liability language in their contracts, so if there is exposure (e.g. an outage occurs) and you still want failover-level service but the vendor doesn't promise it, understand upfront what your exposures are. Rank the vendor in an IT risk category, develop a mitigation plan of your own, and be sure to brief your CEO/board of directors about the risk.

6. Form an agreement with your vendor on hiring practices

It’s not uncommon for vendors to “poach” strong performers from clients, especially if these performers have specialized knowledge about a particular industry vertical. On the flip side, it’s not uncommon for client companies to hire away super performers from vendors, either.

The best strategy for hiring away personnel is for you and the vendor to sit down together so you can forge an agreement. This is an area where you might also want to consult with an attorney about what a reasonable “no hire” time is, because you still have to afford employees reasonable opportunities to move between employers if they choose to.

7. Ask your vendor for its most recent security audit

IT vendors should be able to share with you their latest third-party security audit. You want to ask them for the audit because you want the assurance that their platform doesn’t pose a security risk to your own IT. If a vendor can't provide a written third-party security audit to you that was performed within the last 18 months, it’s better to look for another vendor.


About the Author(s)

Mary E. Shacklett

President of Transworld Data

Mary E. Shacklett is an internationally recognized technology commentator and President of Transworld Data, a marketing and technology services firm. Prior to founding her own company, she was Vice President of Product Research and Software Development for Summit Information Systems, a computer software company; and Vice President of Strategic Planning and Technology at FSI International, a multinational manufacturer in the semiconductor industry.

Mary has business experience in Europe, Japan, and the Pacific Rim. She has a BS degree from the University of Wisconsin and an MA from the University of Southern California, where she taught for several years. She is listed in Who's Who Worldwide and in Who's Who in the Computer Industry.
